What is the best way to gain access when the password is unknown?
If you were provided a computer running Windows 2000 or newer and you have no passwords, what method do you use to gain access with administrator privileges so you can use the system?
I haven't personally tried Kon-Boot disk yet but it was recommended to me by someone who has. Here's the description off of their site. I'd provide you with a link but apparently Noobs can't do that here. If you just google Kon-Boot you'll find it.
Kon-Boot for Windows enables logging in to any password protected machine profile without any knowledge of the password. This tool changes the contents of Windows kernel while booting, everything is done virtually - without any interferences with physical system changes. So far following systems were tested to work correctly with Kon-Boot (however it's quite possible other versions of listed Windows systems may be suitable as well):

Tested Windows versions:
Windows Server 2008 Standard SP2 (v.275)
Windows Vista Business SP0
Windows Vista Ultimate SP1
Windows Vista Ultimate SP0
Windows Server 2003 Enterprise
Windows XP
Windows XP SP1
Windows XP SP2
Windows XP SP3
Windows 7
I'd use a boot CD that would let me clear the administrator password. Had to do that with a workstation at church. There are quite a few Live CDs out there for just that if you do a quick GIS.
I used an EBCD boot CD a number of times with success on W2000 machines - you use it to overwrite the SAM entries for the administrator account rather than the usual brute force/dictionary approaches.
I've not had the need to try it on newer versions of Windows but I think I read somewhere that security had been tightened up to stop this approach from working.
ophcrack is a live CD that boots and brute-forces passwords on a Windows machine. http://ophcrack.sourceforge.net/
ntpasswd will give you off-line access to the registry and allow you to reset or blank passwords, including the Administrator.
Try one of the tools at http://www.petri.co.il/forgot_administrator_password.htm
Boot a Linux live CD and use chntpw. I tend to use Fedora for the live CD.
Then:
Mount the Windows partition:
Browse to the SAM database:
To get a list of local users on the Windows machine, type:
Change a particular user's password:
Do you really need the password?
A possible alternative would be: Add a new disk. Reinstall the OS. Access data from the old disk.
(If you do need the password, I recommend ntpasswd)
This works for XP, but I am not sure if it will work for Win2k. RockXP
If you don't want to change the password:
1 > Get a program called Ophcrack (very large. 496Mb)
2 >> Download the live CD (ISO)
3 >> Burn the ISO to a CD using an ISO burner
4 >> The live CDs come with the free rainbow tables, so you might need to download other tables (cost money)
5 >> Boot up from the CD
6 >> Crack the SAM and System file